Outlier detection in IP traffic modelled as a link stream using the stability of degree distributions over time

Wilmet, Audrey; Viard, Tiphaine; Latapy, Matthieu; Lamarche-Perrin, Robin

doi:10.1016/j.comnet.2019.07.002

Cited by 5 publications

(3 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our work is closely related to areas like anomaly detection on graphs [1, 5-7, 20, 33, 34, 38, 49-51, 58, 68, 75, 78], graph and stream classification [10,28,[42][43][44]72], and outlier detection on streams [35,40,57,64,73,74]. In this section, we limit our review only to previous approaches for detecting anomalies on edge-streams, tensors and multi-aspect data.…”

Section: Related Workmentioning

confidence: 99%

MStream: Fast Anomaly Detection in Multi-Aspect Streams

Bhatia

Jain

et al. 2021

Proceedings of the Web Conference 2021

View full text Add to dashboard Cite

Given a stream of entries in a multi-aspect data setting i.e., entries having multiple dimensions, how can we detect anomalous activities in an unsupervised manner? For example, in the intrusion detection setting, existing work seeks to detect anomalous events or edges in dynamic graph streams, but this does not allow us to take into account additional attributes of each entry. Our work aims to define a streaming multi-aspect data anomaly detection framework, termed MStream which can detect unusual group anomalies as they occur, in a dynamic manner. MStream has the following properties: (a) it detects anomalies in multi-aspect data including both categorical and numeric attributes; (b) it is online, thus processing each record in constant time and constant memory; (c) it can capture the correlation between multiple aspects of the data. MStream is evaluated over the KDDCUP99, CICIDS-DoS, UNSW-NB 15 and CICIDS-DDoS datasets, and outperforms state-of-the-art baselines.

show abstract

Section: Related Workmentioning

confidence: 99%

MStream: Fast Anomaly Detection in Multi-Aspect Streams

Bhatia

Jain

et al. 2021

Proceedings of the Web Conference 2021

View full text Add to dashboard Cite

show abstract

“…In all cases, the base object is identical: a sequence of (𝑡, 𝑢, 𝑣) indicating that nodes 𝑢 and 𝑣 interacted at time 𝑡. From this object, different communities have researched with different goals in mind: temporal networks has large bodies of work around diffusion and temporal causality [11]; time-varying graphs focuses on reachability and elaborating algorithmic complexity classes [5]; stream graphs focus on extending the notions used for large-graph analysis [28] and applying them to real-world scenarios such as traffic analysis [31], or financial network analysis [9], among others.…”

Section: Stream Graphs and Modelling Of Interactions Over Timementioning

confidence: 99%

Exploring and mining attributed sequences of interactions

Viard¹,

Soldano²,

Santini³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

We are faced with data comprised of entities interacting over time: this can be individuals meeting, customers buying products, machines exchanging packets on the IP network, among others. Capturing the dynamics as well as the structure of these interactions is of crucial importance for analysis. These interactions can almost always be labeled with content: group belonging, reviews of products, abstracts, etc. We model these stream of interactions as stream graphs, a recent framework to model interactions over time. Formal Concept Analysis provides a framework for analyzing concepts evolving within a context. Considering graphs as the context, it has recently been applied to perform closed pattern mining on social graphs. In this paper, we are interested in pattern mining in sequences of interactions. After recalling and extending notions from formal concept analysis on graphs to stream graphs, we introduce algorithms to enumerate closed patterns on a labeled stream graph, and introduce a way to select relevant closed patterns. We run experiments on two real-world datasets of interactions among students and citations between authors, and show both the feasibility and the relevance of our method.

show abstract

“…As a result, accurately predicting internet traffic can be challenging. Moreover, anomalies or outliers are common in real-world internet traffic [ 3 ], which can further complicate traffic forecasting. These anomalies can occur due to issues with data collection sensors, leading to faulty data being included in the analysis.…”

Section: Introductionmentioning

confidence: 99%

Multi-Step Internet Traffic Forecasting Models with Variable Forecast Horizons for Proactive Network Management

Saha,

Haque,

Sidebottom

2024

Sensors

View full text Add to dashboard Cite

The ISP (Internet Service Provider) industry relies heavily on internet traffic forecasting (ITF) for long-term business strategy planning and proactive network management. Effective ITF frameworks are necessary to manage these networks and prevent network congestion and over-provisioning. This study introduces an ITF model designed for proactive network management. It innovatively combines outlier detection and mitigation techniques with advanced gradient descent and boosting algorithms, including Gradient Boosting Regressor (GBR), Extreme Gradient Boosting (XGB), Light Gradient Boosting Machine (LGB), CatBoost Regressor (CBR), and Stochastic Gradient Descent (SGD). In contrast to traditional methods that rely on synthetic datasets, our model addresses the problems caused by real aberrant ISP traffic data. We evaluated our model across varying forecast horizons—six, nine, and twelve steps—demonstrating its adaptability and superior predictive accuracy compared to traditional forecasting models. The integration of the outlier detection and mitigation module significantly enhances the model’s performance, ensuring robust and accurate predictions even in the presence of data volatility and anomalies. To guarantee that our suggested model works in real-world situations, our research is based on an extensive experimental setup that uses real internet traffic monitoring from high-speed ISP networks.

show abstract

Outlier detection in IP traffic modelled as a link stream using the stability of degree distributions over time

Cited by 5 publications

References 41 publications

MStream: Fast Anomaly Detection in Multi-Aspect Streams

MStream: Fast Anomaly Detection in Multi-Aspect Streams

Exploring and mining attributed sequences of interactions

Multi-Step Internet Traffic Forecasting Models with Variable Forecast Horizons for Proactive Network Management

Contact Info

Product

Resources

About